Debian Security Advisory

DLA-228-1 exactimage -- LTS security update

Date Reported:
28 May 2015
Affected Packages:
exactimage
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 786785.
In Mitre's CVE dictionary: CVE-2015-3885.
More information:

A vulnerability has been discovered in the ExactImage image manipulation programs.

  • CVE-2015-3885

    Eduardo Castellanos discovered an integer overflow in the dcraw version included in ExactImage. This vulnerability allows remote attackers to cause a denial of service (crash) via a crafted image.

For the oldoldstable distribution (squeeze), this problem has been fixed in version 0.8.1-3+deb6u4.

For the oldstable, stable, and testing distributions, this problem will be fixed soon.